version: '3.8'

services:
  session-manager:
    build:
      context: ./session-manager
      dockerfile: Dockerfile
    ports:
      - "8000:8000"
    volumes:
      - ./sessions:/app/sessions
    environment:
      - MCP_SERVER=${MCP_SERVER:-http://localhost:8001}
      - OPENAI_API_KEY=${OPENAI_API_KEY:-}
      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}
      - GOOGLE_API_KEY=${GOOGLE_API_KEY:-}
      - DOCKER_HOST=tcp://docker-daemon:2376
      - DOCKER_TLS_VERIFY=1
      - DOCKER_CERT_PATH=/certs
    depends_on:
      - docker-daemon
    networks:
      - lovdata-network
    restart: unless-stopped

  docker-daemon:
    image: docker:dind
    privileged: true
    environment:
      - DOCKER_TLS_CERTDIR=/certs
    volumes:
      - ./docker-certs:/certs
    networks:
      - lovdata-network
    command: ["--tlsverify", "--tlscacert=/certs/server/ca.pem", "--tlscert=/certs/server/cert.pem", "--tlskey=/certs/server/key.pem"]
    restart: unless-stopped

  # lovdata-mcp server is external - configured via MCP_SERVER environment variable

  caddy:
    image: caddy:2.7-alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config
    networks:
      - lovdata-network
    restart: unless-stopped

volumes:
  caddy_data:
  caddy_config:

networks:
  lovdata-network:
    driver: bridge